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Abstract 

Pseudorandmness plays an important role in number theory, com- 
plexity theory and cryptography. Our aim is to use models of arith- 
metic to explain pseudorandomness by randomness. To this end we 
construct a set of models Ai, a common element t of these models and 
a probability distribution on A4, such that for every pseudorandom 
sequence s, the probability that s(i) = 1 holds true in a random model 
from M. is equal to 1/2. 

1 Introduction 

A pseudorandom sequence is an infinite sequence of —Is and Is computable in 
nondeterministic polynomial time that is not correlated with any polynomial 
time computable function. Such sequences can also be viewed as sets in 
NP PI coNP; thus we can also talk about pseudorandom sets. Intuitively, a 
pseudorandom set splits every set in P into two sets of equal density. There 
are some natural and important candidates for pseudorandom sequences in 
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number theory such as the Liuville function (closely related to the Mobius 
function) . 

Our main result is a construction of a set of models Ai, a common element 

1 of these models and a probability distribution on Ai, such that for every 
pseudorandom sequence s, the probability that s(l) = 1 holds true in a 
random model from Ai is equal to 1/2. Thus pseudorandomness of sequences 
manifests itself in Ai as genuine randomness. Admittedly, this result is weak, 
because it concerns only one common element of the models. We present it 
as a proof of the concept that results of this kind are possible. We suggest 
some ways of extending this result in Section [U 

We prove our result by using restricted ultrapowers, which are ultrapowers 
in which the sets of the ultrafilter and the functions are elements suitable 
classes. The history of restricted ultrapowers goes back to Skolem (see [5]). 
We will start with a model Mo, a core of our construction, constructed from 
the set of all polynomial time computable functions reduced by a suitable 
ultrafilter on the complexity class P. By extending the class of functions 
and the ultrafilter in various ways, we obtain a set of models Ai extending 
the core model. Remarkably, there is a natural way of defining a probability 
measure on Ai. 

In the last section we present some philosophical speculations about the 
nature of pseudorandomness. 

2 Preliminaries 

2.1 Random sequences 

We will study sequences s : N — > {±1}- Let S denote the set of all such se- 
quences with the uniform distribution. Intuitively, Pr[s(n) = 1] = Pr[s(n) = 
— 1] = | and these events are independent for different numbers. Formally, 
there is a Lebesgue measure mon5 that is uniquely determined by 

m({s e S; s(l) = ax A ... A s(n) = a n }) = 2~ n 

for all n and all strings a of ±ls. We say that a "random sequence satisfies 
P," if the probability that a random sequence satisfies P is 1. If a random 
sequence satisfies Pi, P2, . . ., then it also satisfies /\ i Pi. 
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The basic fact about random sequences is the Law of Large Numbers 



Pr 



n-l 



lim y s(i)/n = 



i=0 



1. 



This theorem, however, does not provide information about the rate of con- 
vergence. Much more precise theorems have been proven, in particular 
Khinchin's Law of Iterated Logarithm 



Pr 



n-l 



lim sup s(i) I V 2n In In n = 1 



i=0 



which, in particular, implies that for every e > 0, 
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n— 1 



lim s(i)/ni +e = 

n.->oo i J 



i=0 



1. 



(1) 



2.2 Algorithmic randomness 

We want to formalize the concept that a sequence s "looks like a random 
sequence" . Here the sequence s is fixed, so we cannot use probability theory 
The basic idea is that s must satisfy many properties that random sequences 
satisfy with probability 1. E.g., we certainly want the property used in the 
Law of Large Numbers. Further, we want to consider properties that can be 
algorithmically decided. Therefore it is more natural to talk about satisfying 
tests instead of properties. 

The study of such concepts has long history and many researchers con- 
tributed to it, including Kolmogorov, Chaitin, Levin, Schnorr and Martin- 
Lof. This research area is called algorithmic randomness. We mention one 
of the concepts that is studied there, so that we can compare it with the 
concept that we will introduce. 

A martingale is a function F : {±1}* — > M + such that 

F(a 1 , ...,a n ) = -(F(a 1 , ...,a n , -1) + F(a 1 , ...,a n , +1)) 

Definition 1 (Schnorr |8J) A sequence s : N — > {±1} is P-random, if for 

every polynomial time computable martingale 

limsupF(s(0), s(l), . . . , s(n — 1)) < oo. 
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Another concept relevant to this paper is the concept of pseudorandom 
number generator, which will be abbreviated by PRC A PRG is an algorithm 
to produce a long string of numbers, usually just Os and Is, from a short 
random string, called the seed. So in this case we do not have only one infinite 
sequence, but a small set of finite strings with a probability distribution. This 
concept plays an important role in the theories that study computational 
complexity and cryptography. 

There is one important difference in how the computational resources are 
bounded in the two mentioned approaches. When testing a sequence s for P- 
randomness, the testing algorithm receives the whole string (s(0), s(l), . . . , s(n— 
1)) as an input and can use time polynomial in n. In contrast, algorithms 
testing pseudorandomness get n represented in binary and can use time poly- 
nomial in the length of n, i.e., they run in time polynomial in logra. 

2.3 Pseudorandom sequences 

Our concept is closer to the theory of pseudorandomness than to algorithmic 
randomness. That is why we use the word pseudorandom. The reader should, 
however, be cautioned that there are concepts with similar names that differ 
significantly from ours. 

Definition 2 A sequence s : N — > {±1} will be called pseudorandom if 

1. s is computable in nondeterministic polynomial time, 

2. for every polynomial time computable function f : N — > {±1}, 



Condition 1. means that although we may be not able to compute the value 
s(n) in polynomial time, if somebody gives us a "witness" we are able to 
check the correct value of s(n) in polynomial time. (There should always be 
witnesses for either the value 1 or the value —1, but never for both.) We can 
identify s with the set {n; s(n) = 1} G NP n coNP, so we can also talk 
about pseudorandom sets. 

Condition 2. means that s is little correlated with any sequence com- 
putable in polynomial time. One can consider various modifications of this 



n-l 




(2) 
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condition. For instance, one can allow stronger tests, say, functions com- 
putable in appropriately defined subexponential time. One can also impose 
stronger bounds on correlation. If, for example, we required that 

n-l 

lim y2f(i)s(i)/n a = 0, 

n— >oo < ' 

i=0 

for some 1/2 < a < 1, then the correlation would be exponentially small (on 
finite initial segments; recall that the input size is logn). 

Another motivation for the definition above is the Mobius Randomness 
Principle proposed by Peter Sarnak (see [1]). According to this principle 
the Mobius function \i is not correlated to any "low-complexity" function 
F : N ->■ [— 1, 1] in the sense that 



lim V F(i)fi(i)/n = 0. 

}.— >oo ' J 



n—>oo 

i=l 



This is like saying that /x is pseudorandom, except for a few minor differences. 
First, fi takes on not only the values ±1, but also 0. This does not seem very 
important for studying the concept of pseudorandomness (see Proposition ^. 31 
below). Second, it is not specified what "low complexity" means. This leaves 
open the possibility of studying various specific versions of the conjecture. 
Third, the tests are functions F whose range is in the whole interval [—1, 1]. 
We will show below that this is also an irrelevant difference. 

Proposition 2.1 Suppose that s : N — > {±1} is pseudorandom. Let F : 
N [—1, 1] be a polynomial time computable function whose values are bi- 
nary rationals. Then 

n 

lim S^F(i)s(i)/n = 0. 

i=l 

Proof. Let s and F be given. One can easily show that s is pseudorandom also 
with respect to polynomial time computable functions / : N — > { — 1,0,1}. 
(Hint: write / = |/ + + -/_, where f+(n) = 1 if f{n) = 1, otherwise / 4 
— 1, and f-(n) = —1 if f(n) = —1, otherwise f-(n) = 1 

'n) = Y 

■*3 



n 



Represent F as a weighted sum of such functions, F{n) = J^'jLo ^ 1 fj( n )- 



Then 

n n oo oo n 

lim y F(i)s(i)/n = lim > > 2~ 3 fj(n)s(i)/n = / 2~ 3 lim y fj(n)s(i)/n 

i=l i=l j=0 j=0 i=l 
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because the infinite sum converges absolutely. 



Say that a set of numbers A has positive density, if liminf^oo \A D [0, n — l]\/n > 

0. 

Corollary 2.2 If X is a pseudorandom set, then neither X nor its comple- 
ment contains a set A e P o/ positive density. 

A possible way of stating the Mobius Randomness Principle is to say 
that fi is pseudorandom in the sense of our definition (extended to sequences 
of —1, and 1). A closely related function is the Liouville function A. It is 
defined by X(n) = (— l) k , where k is the number of prime factors of n counted 
with their multiplicity. 

Proposition 2.3 ji is pseudorandom if and only if A is. 

Proof. 1. Suppose fi is pseudorandom. Let a polynomial time computable 
function / : N — > {±1} and e > be given. Let n be such that Ylk>n k~ 2 < 
e. We have 



lim^/(i)A(i)/n| 



< 



n— >oo 

i=l 



V | lim V f(k 2 i)\(k 2 i)/n l + V | lim V /(A; 2 *)A(A; 2 *)/n | < 

l<fc<n i<k 2 i<n, k>n i<k 2 i<n, 

l square free % square free 

El lim y f{k 2 i)n(i)/n | + e = e. 

l<fc<n l<fc 2 j<n 

2. Now suppose that /i is not pseudorandom. Let / : N — > {±1} be a poly- 
nomial time computable function and e > such that lim n ^oo Ym=i /(^A t (0/ n = e - 
Let n be as above. Furthermore, we can suppose that lim n ^oo Y^i=i f W -M*) / ' n = 0? 
because otherwise we would be done. In a similar fashion as above, decom- 
pose the X)i=i f (i) ^(i) / n m to three terms 

1. the sum over square free numbers i, 

2. the sum over numbers % divisible by k 2 for some k < n , and 

3. the sum over the remaining numbers %. 
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By our assumptions, the limit of the first sum is e, the sum of the limits of 
the sums 2. and 3. is — e, the sum 3. is > — e. Hence, if we define 



Some special cases of the Mobius randomness principle have been proven. 
The first one was the Prime Number Theorem, which is the case of / = 1. 
(The question whether the bound on correlation can be improved to the form 
(JTJ is the Riemann Hypothesis.) Recently B. Green proved the principle for 
AC , jl]. Let us say that a sequence is y4C°-pseudorandom if it satisfies 
Definition [2] with the condition 2. weakened to y4C°-computable. Then one 
can state Green's result as follows. 

Theorem 2.4 (|4J) The Mobius function is AC -pseudorandom. 

The Liouville function is also v4C°-pseudorandom. 

It will be very difficult to prove that some sequence is pseudorandom, be- 
cause the existence of pseudorandom sequences implies P ^ NP. For specific 
functions, it may be even harder. If the Mobius function is pseudorandom, 
then integers cannot be factored in polynomial time. 

In the opposite direction, we know that hardness of factoring implies the 
existence of pseudorandom sequences (we are not able to prove that it implies 
the pseudorandomness of the Mobius function, though). This is because 

1. there are constructions of permutations that are one-way functions pro- 
vided that factoring is hard, 

2. there is a construction of a hard-core predicate from any one-way per- 
mutation, and 

3. hard-core predicates are very closely related to pseudorandom sequences. 

We will now explain this connection in more detail, but for the sake of 
brevity, we will skip the definition of a one-way function. Let 1 < k\ < 
&2 < . . . be a sequence of integers that grow at most polynomially, and let 
Fj : {0, l} kj — >■ {0, l} kj , j = 1, 2, . . . , be a sequence of permutations. Suppose 
that these numbers and functions are uniformly computable in polynomial 




f(n) if n is divisible by k 2 for some k < no, 
f{n) otherwise, 



we obtain lim, 



Er=iS«A«/n>0. 
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time. We say that functions Bj : {0, 1}^ — > {0, 1}, j = 1,2,..., are hard-core 
predicates for the functions Fj, if Bj are uniformly computable in polynomial 
time, and for every function g(x) computable by a randomized polynomial 
time algorithm 

Pr[g(F j (x))=B j (x)} = ±±-^, (3) 

where the probability is taken over uniformly distributed x G {0, l} kj and 
random bits of the algorithm for g\ further, oj(1) is the standard notation 
for functions going to infinity. In plain words, this means that Bj(x) can be 
predicted from Fj(x) only with negligible probability (which, in particular, 
implies that it is difficult to invert Fj). 

The concept that is closely related to pseudorandom sequences (as defined 
in this paper) is the sequence Bj(F~ 1 (y)), j = 1, 2, . . .. To get a pseudoran- 
dom sequence s, we only need to connect the bits i?j(F _1 (y)) into one infinite 
sequence: 

s (n) = (_l)^(F- 1 (n-E i<J 2 fc 0) ) 

where Yli<j 2 hi < n < Yli<j 2 hi and where we are identifying {0, l} k] with 
0,1,,. ..^"i-l. 

In order to show that s(n) is pseudorandom, we have to address only one 
small complication. While in ([2]) of the definition of pseudorandomness we 
consider all initial segments, in fl3]) of the definition of the hard-core predicate 
we only consider correlation over the entire interval [0, 2 kj — 1] (but we have 
better convergence). We need to show that the correlation of Bj(F~ l (y)) 
with polynomial time functions is also low on an initial segments [0, a] of 
[0,2*' -1]. 

Suppose g has positive correlation with Bj(F~ 1 (y)) on [0,a]. If we knew 
a, we could define g' that has positive correlation with Bj(F~ 1 (y)) on the 
entire interval by putting g'(x) = g(x) on [0, a] and g'(x) = 1 — g(x) on 
the rest. Since we cannot assume that we know a, we have to do something 
slightly more complicated. Note that we are actually assuming that there are 
infinitely many indices j for which g has positive correlation with Bj(F~ l (y)) 
on some interval [0, a,j]. The ratios a,j/2 kj have some limit point a, < a < 1. 
Take a rational number /3 close to a (or a itself if it is rational). Then use 
[/32 fcj ] as switching points. 

This finishes a sketch of the proof of the following proposition. 

Proposition 2.5 If there exists no probabilistic polynomial time algorithm 
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for factoring integers, then there exists a pseudorandom sequence. 

Remarks. 1. The construction actually gives a concrete sequence, but 
since its definition is rather complicated, we do not present it here. 

2. We have not fully used the assumption about factoring; one can show 
pseudorandomness of the constructed sequence in a little stronger sense. 

3. For the concepts and results used above, see [3]. 

2.4 Theories 

We need a theory in which it is possible to formalize polynomial time com- 
putations. A natural theory in which this is possible is Cook's PV, [U [6]. 
This theory has function symbols for all polynomial time computable func- 
tion. The function symbols correspond to algorithms based on recursion on 
notation. Our result is quite general and, as such, holds for the stronger 
theory Pl/ N defined below. 

Definition 3 

1. PV n is the theory axiomatized by all true universal sentences in the 
language of PV . 

2. AR N is the theory consisting of all true sentences in the language of 
PV. 

The theory PV N is a conservative extension of the theory of all true IT^ arith- 
metical sentences plus the axiom Wx3y y = x^ log ^ +1 ^ (this axiom guarantees 
that the provably total functions grow sufficiently fast and thus enable us to 
define polynomial time computations). The theory AR N is essentially True 
Arithmetic, except that we use the richer language of PV. 

We focus on the complexity class P, as this is the most interesting case, 
but in fact the same result can be proven for concepts based on other classes. 
An interesting case is the class AC because of the result of Green mentioned 
above. The theory corresponding to this class is V°, see [2]. 

2.5 Random models 

Our aim is to represent pseudorandomness in a different way. The basic idea 
is to study this concept using a set of nonstandard models equipped with a 
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probability distribution. Let a be a first order formula in the language of 
PV defining a sequence s G S, and suppose that we have a set of models M. 
with a probability distribution v. Let be a first order formula. Then we 
can say 's satisfies the property <fr with probability p ' if the probability that 
in a random model from Ai the sequence defined by a satisfies cf) is p. 

If we want to use formulas <ft with parameters, i.e., free variables for 
elements of models, we need to impose some structure on AA. In this paper 
we will only consider the following structure. There is one distinguished 
model Mo such all other models are its extensions. This enables us to speak 
about properties parameterized by elements of M . 

In this paper we say that a model N is an extension of a model M, if M 
is a substructure of N. 

In general the structure defined on Ai can be more complicated. We can 
use various frames, like in the Kripke semantics. If N is one of the "alter- 
native worlds" of M, then N should be an extension of M (not necessarily 
proper). 

An alternative approach is to use a Boolean valued model M with a 
boolean algebra B equipped with a probability measure, an approach stud- 
ied in [TJ. This is, however, not fundamentally different from the approach 
sketched above. Having such a model, we can construct a set of models by 
taking all ultrafilters on B. Vice versa, having Ai and v as above, we can 
take the Boolean algebra of measurable subsets of Ai and define a measure 
on this algebra in a natural way. 

3 The result 

Theorem 3.1 There exists a model Mq of PV n , an element i G Mq, a set 
Ai of models of AR N and a probability measure v on a sigma algebra B of 
subsets of KA such that 

1. models of Ai are extensions of Mq, 

2. for every PV formula 4>(xi, . . . , Xk) and every string of elements ai, . . . , a& G 
M , the set {M G M; M \= 4>(a h ...,a k )} is in B, 

3. for every (definition of a) pseudorandom sequence s, 

Pr v [M |= s{i) = 1] = i 
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Proof. Let K C N be an infinite set. We define density of sets of numbers 
with respect to K, or K- density, to be the partial function defined by 

ienSKX= lim l^ n t°; fc - 1 ]l, (4 ) 

{densxX is undefined when the limit does not exist.) 

The proofs of the following easy facts are left to the reader. 

1. densx is finitely additive. 

2. If densxX = densxY = 1, then densxX n Y — 1. 

3. If C is a countable set of sets of numbers, then there exists an infinite K 
such that densxX is defined (i.e., the limit fll]) exists) for every X G C. 

Let AR denote arithmetically definable sets of natural numbers (which is 
the same as sets first-order definable in the language of PV). Let K be an 
infinite set of numbers such that densxX is defined for every X G AR. 
The following fact is also easy. 

4. Let X G P and Z be a pseudorandom set. Then densxX PI Z — 
TjdensxX. 

Let J-q be the filter in P consisting of all sets of f^-density 1. Let Uq be 
an ultrafilter extending JFq. Hence all sets in Uq have positive density. Let 
FP denote the set of functions computable in polynomial time. We define 
M to be the ultrapower constructed by taking FP modulo U$, 

M = FP/Uo, 

with the PV function symbols interpreted in the natural way. The fact in M 
all true universal PV sentences are satisfied is an immediate consequence of 
Los's theorem. The distinguished element i G M is defined to be the element 
of FP /U represented by the identity function id on N, in symbols i = [id]u Q . 

Let uq — {U\ D f/ 2 ^ •••} be a cofinal chain in Uq. We define the density 
of a set with respect to uq, or u^-density, to be the partial function defined 
bjH 

dens K XnU n 
dens Uo X = lim — — . (5) 



n— >oo 



densxUn 



1 More precisely, we should also use the index K , but there is no danger of confusion, 
since K is fixed for the rest of the proof. 
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Again, one can easily prove that we can pick u so that w -density is defined 
for every X G AR. The following facts are immediate corollaries of 1. and 
4.: 

5. dens UQ is finitely additive. 

6. dens U0 Z = | for every pseudorandom set Z. 

The set of models that extend M will be defined using the following set of 
ultrafilters on the boolean algebra AR. 

Si = {U; U ultrafilter on AR, U CU and W G U dens UQ V > 0}. 

7. If T C AR is a filter such that dens U0 U > for all U G J 7 , then T can 
be extended to an ultrafilter belonging to SI. 

Let FAR denote arithmetically definable functions. Define 

M = {M; M = FAR/U, U G Si}. 

Note that for IA\ ^ U2, the ultrapower models are different (they may be 
isomorphic, though). Since FP C FAR and Uq C U, for every U G Vt, we 
have: 

8. Every M G Ai is an extension of M . 

The fact that these models are models of True Arithmetic, is a well-known 
consequence of Los's theorem. 
For X G AR, let 

n[X] = {U; X G U}, 

and put 

A = {Q[X}; X G AR} 

9. Aq is a Boolean algebra. 

Lemma 3.2 Q[X] = Sl[Y] if and only if dens U0 X AY = (where A denotes 
the symmetric difference). 

Proof. dens U() X \ Y > 0. Let T be the filter in AR generated by X \ Y > 0. 
By 7., J 7 has an extension to U G SI. Hence U G Sl[X] \Sl[Y]. This gives us 
the forward implication. 

Now suppose U G Sl[X] \ Q[Y], for some U. Then X \ Y G U. Since 
ultrafilters in SI do not contain sets of « -density 0, we have dens UQ X\Y > 0. 
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This lemma enables us to define an additive measure u on Aq by putting 

z/ (f2[X]) = dens UQ X. 

In particular, v (fl) = 1. 

Lemma 3.3 If A±, A2, ■ ■ ■ G ^4o ore pairwise disjoint and [J n A n G Ao, ^en 
1^0 — /or a// n except for a finite number of them. 

Proof. To prove the claim, suppose the contrary. Let X, Xi,X 2 , . . . G AR 
be such that A n = fl[X n ], for n — 1, 2, . . ., and \J n A n = fl[X]. We observe 
that dens Uo Xi fl Xj — for i ^ j, because Aj fl A,- = 0. 

Let F n = X\\J™~i Xj. We will show that dense U0 Y n > for all n. Suppose 
that for some n, dense Uo Y n = 0. Let m > n such that dens UQ X m > 0. Since 
dens Uo X m fl IJ^Tj 1 Xj = 0, we have dens Uo X m fl X = 0. This implies that 
fl[X m ] nn[I] = 0. But this is impossible, because fl[X m ] ^ 0. Thus 
dense U() Y n > for all n. 

Extend the filter {Y n ; n = 1,2,...} to an ultrafilter U G fl. Clearly 
U G fl[X], but for no n, U G fl[X n \. m 

An immediate corollary is: 

10. vo is o"-additive. 

According to a basic theorem about extensions of measures, we can extend 
the a-additive probability measure u Q defined on the Boolean algebra Aq to 
a o--additive probability measure v\ defined on a a- algebra A\. Using the 
bijection U 1— >■ FAH/Vf we translate the measure v\ defined on a cr-algebra 
A\ to a measure z/ defined on a a- algebra i3 of subsets of M.. 

We will now prove the second condition of the theorem. Let . . . , Xk) 
be a PV formula, a ± , . . . , a k G M , let W G fl and let M = FAK/U. Further, 
let fi, . . . , fk G FAR be the functions representing ai, . . . , a& (in symbols, 

Oi = [/i]«o)- 

According to Los's theorem, M \= 0(ai, . . . , a^) if and only if 
{n; N|=0(/iW,---,/fcW)}eW. 

Hence the set of ultrafilters for which the models satisfy (f>(ai, . . . , ak) has the 
form f2[X], for X G AR. Therefore 

{M; M|=0(a 1 ,...,a fc )}Gi3. 
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It remains to prove the third condition of the theorem. Let s be a pseu- 
dorandom sequence and let if)(x) be a formula defining s(x) = 1. By Los's 
theorem, the set of models satisfying corresponds to the set of ultrafilters 
such that {n; N |= ip{n)} e U (recall that i = [id]u )- Thus we have 

u({M; M |= VW}) = {n; N eW}) 

= cfens uo {n; N (= ^(n)} 
1 

2> 

by 6. Thus the theorem is proved. ■ 



4 Remarks 

1. We will generalize the concept of pseudorandom sequences and sets to 
cover sequences in which 1 occurs with frequency p ^ \- 

Definition 4 Let p be a real number, < p < 1. We will say that a sequence 
s : M — > {±1} is p-biased pseudorandom, if s is computable in nondetermin- 
istic polynomial time and 

n-l 

lim y)/(i)((s(z)-l)/2+p) = 0, 

i=0 

for every polynomial time computable function f : N — > {±1}. 

A set X C N will be called p-biased pseudorandom, if it is the set of 
arguments for which a p-biased pseudorandom sequence is 1. 

Several propositions proved above generalize to p-biased pseudorandom 
sequences and sets. In particular, we would like to draw reader's attention to 
Corollary 12.21 and Theorem 13.11 The condition 3. of Theorem 13 . 1 1 holds true 
for all real numbers p, < p < 1 and all p-biased pseudorandom sequences 
simultaneously. 

2. The main weakness of Theorem 13.11 is that condition 3. is stated only for 
one element, only for i. One can show that in the constructed system Ai, 
condition 3. holds for several other elements of M ; in particular, it is true 
for all elements of the form at + b for a G N and 6 6 Z. This can easily be 
proved using the following lemma. 
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Lemma 4.1 Let s be a pseudorandom sequence. Let g G FP be increasing 
and invertible in polynomial time on an infinite interval [no,oo). Further- 
more, suppose that Rng(g), the range of g, has positive density. Then the 
sequence s' defined by s'(x) = s(g(x)) is also pseudorandom. 

Proof. Let s and g be given and suppose s' is not pseudorandom. Let / be 
a function that witnesses that s' is not pseudorandom. We define a function 
that witnesses that s is not pseudorandom. 



We certainly cannot expect condition 3. to hold for all numbers of M . 
For small numbers n, s(n) is defined in M Q , because s is computable in 
exponential time. If a G M is larger than all numbers ci, for c G N, then 
a = [g]u for some g that grows more than linearly. The range of such a 
g has density 0, hence we cannot deduce anything about it. For example, 
A(n 2 ) = 1 for all n, whence M |= X(l 2 ) = 1. 

3. We also cannot expect stronger properties of random sequences to hold 
in the system of models of Theorem 13.11 unless we assume more about the 
sequences. For example, s(l) and s(t + 1) do not have to be independent in 
Ai, because we do not assume any kind of independence for pairs s(n) and 
s(n+l), n G N. A more specific example (assuming that A is pseudorandom) 
is the fact that A(2n) = — A(n). 

5 Philosophical speculations 

Some cosmologists believe that when the universe emerged from a singularity 
some physical properties of it were decided randomly. Others even believe 
that there is a multiverse consisting of many different universes, one of which 
is our universe. In contrast to this, philosophers have never doubted that 
the basic mathematical structures, namely the natural and real numbers, are 
unique. These structures are unique in the sense that they must be same in 
all conceivable physical worlds. 

There are good reasons to believe that the natural numbers are abso- 
lute in the sense that there are no possible alternatives to them. The only 




f[g 1 (n)) if n > n Q and n G Rng(g) 
otherwise. 
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structures that satisfy the basic arithmetical laws and are different from the 
natural numbers are nonstandard models. Though it has been proposed that 
the actual natural numbers have the structure of a nonstandard model, e.g., 
in [9], most philosophers do not accept such a possibility. The problem is 
that a nonstandard model contains the standard model as an initial part, 
and so we should identify the natural numbers with this initial part. Thus 
viable alternatives should use the same numbers with different arithmetical 
operations. Since we can prove that the operations of addition and multipli- 
cation are uniquely determined by the basic axioms (the axioms of Robinson 
Arithmetic), it is inconsistent to assume that on the set of standard numbers 
different kinds of addition and multiplication are possible. 

However, what is inconsistent in our world may be consistent in a different 
one, and vice versa. Consider a pair of (necessarily nonstandard) models of 
Peano Arithmetic M and N that have the same elements, the same addition, 
but different multiplication. (Such pairs can be easily constructed using 
recursively saturated models.) In a world in which M is the standard natural 
numbers, it is inconsistent to assume that anything like N exists. Yet, it does. 

We may secretly ponder over such scenarios, but there is a strong reason 
not to talk about the possibility of different arithmetics openly. If a concept 
is inconsistent, we cannot talk about it and there cannot be any theory 
around it. Therefore, any conjecture of this kind would be neither provable 
nor disprovable and, as such, should be discarded as meaningless. 

However, some phenomena can be studied even if they are not directly 
observable — because they have side effects. The presence of these effects 
is a proof of the phenomenon. A side effect of the origin of our integers 
in a random process could be the randomness present in the structure of 
integers. It is not genuine randomness, because the integers are a single 
structure. What we rather observe are some properties that are satisfied 
by truly random objects. Therefore we call it pseudorandomness. Number 
theorists are familiar with this; they use assumptions about random behavior 
in heuristic arguments when they are not able to prove theorems rigorously 
and some conjectures are also justified in this way (including the Riemann 
Hypothesis). 
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